Skip to main content
CVE-2020-11854 CRITICAL POC THREAT Emergency

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Application Performance Management Operations Bridge Operations Bridge Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
74.2%
CVE-2020-11858 HIGH POC Act Now

Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Operations Bridge Operations Bridge Manager
NVD GitHub
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-27160 CRITICAL POC Act Now

Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Path Traversal My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2020-27159 CRITICAL POC Act Now

Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2020-27158 CRITICAL POC Act Now

Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
7.2%
CVE-2020-25765 CRITICAL POC Act Now

Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2020-27853 CRITICAL POC Act Now

Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Denial Of Service Wire Wire Audio Video And Signaling +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-23864 HIGH POC This Week

An issue exits in IOBit Malware Fighter version 8.0.2.547. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Malware Fighter
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-7755 HIGH POC This Week

All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dat Gui
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-7754 HIGH POC PATCH This Week

This affects the package npm-user-validate before 1.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Npm User Validate
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-23945 HIGH POC This Week

A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Victor Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7753 HIGH POC PATCH This Week

All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Trim
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-15238 HIGH POC This Week

Blueman is a GTK+ Bluetooth Manager. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Code Injection Blueman Debian Linux Fedora
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
4.5%
CVE-2020-16140 MEDIUM POC This Month

The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Greenmart
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-9866 CRITICAL Act Now

A buffer overflow was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-12830 CRITICAL Act Now

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-10256 CRITICAL Act Now

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Command Line Interface Scim
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-27183 CRITICAL Act Now

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publixone
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-27179 CRITICAL Act Now

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publixone
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-9932 HIGH This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Safari +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-27890 HIGH This Week

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Write Attributes No Response message. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Z Stack
NVD GitHub
CVSS 3.1
8.2
EPSS
1.0%
CVE-2020-9973 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +2
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-9961 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Icloud +6
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-3880 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3864 HIGH This Week

A logic issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Apple Icloud Itunes +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3863 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3851 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-6023 HIGH This Week

Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Privilege Escalation Zonealarm
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-9941 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-9782 HIGH This Week

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal Mac Os X
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-9774 HIGH This Week

An issue existed with Siri Suggestions access to encrypted data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-27892 HIGH This Week

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Discover Commands Received Response message or a ZCL Discover Commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Z Stack
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-27891 HIGH This Week

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Read Reporting Configuration Response message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Z Stack
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-27888 HIGH This Week

An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Information Disclosure Unifi Meshing Access Point Firmware Unifi Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-8579 HIGH This Week

Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-27180 HIGH This Week

konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publixone
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-8956 LOW POC Monitor

Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Microsoft Brute Force Pulse Secure Desktop
NVD GitHub
CVSS 3.1
3.3
EPSS
1.2%
CVE-2020-15352 HIGH This Week

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3855 HIGH This Week

An access issue was addressed with improved access restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-27181 MEDIUM This Month

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Publixone
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-27182 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Publixone
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-9982 MEDIUM This Month

This issue was addressed with improved checks to prevent unauthorized actions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Music
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-9979 MEDIUM This Month

A trust issue was addressed by removing a legacy API. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Tvos
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-6022 MEDIUM This Month

Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Information Disclosure Zonealarm
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9860 MEDIUM This Month

A custom URL scheme handling issue was addressed with improved input validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-3852 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Safari
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-9857 MEDIUM This Month

An issue existed in the parsing of URLs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-9786 LOW Monitor

This issue was addressed with improved checks This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
3.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy